If a cookie is vulnerable to XSS (so you can edit the cookie’s value to contain script), how can that be exploited in practice?
I was checking out this Portswigger lab:
https://portswigger.net/web-security/essential-skills/using-burp-scanner-during-manual-testing/lab-scanning-non-standard-data-structures